Committed to Cybersecurity Success and Resilience
ISACA-CMMI Institute is deeply committed to improving the cybersecurity capabilities of our clients and partners, including the Defense Industrial Base (DIB). We have been working with the Department of Defense (DoD) as a member of the initial Cybersecurity Maturity Model Certification (CMMC) Stakeholder Committee and we are grateful and honored to be able to continue to contribute to the establishment and ongoing success of the CMMC ecosystem. Going forward into 2020 and beyond, we will continue to work with the DoD, the CMMC Accreditation Body (AB) and other stakeholder organizations by leveraging our deep experience and capabilities in:
Cybersecurity training and certifications, performance-based learning for individuals, organizations and instructors
Model-based process and performance assessments, including assessment methods and operations, and quality assurance
Maturity- and capability-based organizational accreditation and verification
Cybersecurity process and controls auditing and performance improvement
ISACA, as a member of the Professional Services Council (PSC), has subject matter experts currently working in cybersecurity, assessments, training, certifications, and model-based performance improvement, and they are actively engaged with the PSC CMMC Task Force. ISACA-CMMI Institute will continue to collaborate with other organizations to leverage ISACA-CMMI Institute’s industry-recognized cybersecurity, assessment, and training resources to make the CMMC program a successful reality in the months and years ahead.
The DoD estimates that U.S. companies are losing over $6 billion USD each year in intellectual capital to competitors due to a lack of any cybersecurity or awareness. Cyber attacks are on the increase, and organizations must take action to protect Controlled Unclassified Information (CUI) and improve the related cybersecurity processes and controls that are so important to national defense.
The Office of the Under Secretary of Defense for Acquisition and Sustainment (OUSD(A&S)) recognizes that security is foundational to acquisition and cannot be treated as a “tradeoff” option along with cost, schedule, and performance. The DoD is committed to working with the DIB to enhance the protection of CUI and cyber controls and hygiene within the supply chain using the Cybersecurity Maturity Model Certification (CMMC) framework. CMMC assessments will target, review and combine various cybersecurity standards and best practices and map these controls and processes across several maturity levels that range from basic cyber hygiene to advanced/progressive. For a given CMMC level, the associated controls and processes, when implemented, are designed to reduce risk against a specific set of cyber threats.
The CMMC effort builds upon existing regulation (DFARS 252.204-7012) that is based on a "trust yet verify" approach with respect to DoD cybersecurity requirements. The goal is for CMMC to be cost-effective and affordable for small businesses to implement at the lower CMMC levels. The intent is for certified independent third-party organizations to conduct CMMC assessments on DIB suppliers to improve their cybersecurity capabilities and to inform them of their risks.
OUSD(A&S) is working with DoD stakeholders, academia, Federally Funded Research and Development Centers (FFRDCs), and industry to develop and then implement the Cybersecurity Maturity Model Certification (CMMC) program. The CMMC Accreditation Body (AB) was established in January 2020, and the Memorandum of Understanding (MOU) between the DoD and CMMC AB to set up and operate the CMMC program was signed in March. The AB has established numerous working groups to get the initial aspects of the ecosystem in place in Q1 and Q2 of 2020.